How to Create an E-Commerce Web Site
By A. Sittikorn Direksoonthorn
BIS 3687: E-Banking and Payment System
Assumption University, 1/2004

Be on the Web, or Be out of Business

Quick Win Agenda
Encryption in the real world
7 steps to create an e-commerce web site
Web hosting / Secure Server ID
Internet payment processing
Encryption in the Real World
Symmetric-Key: Locks with One Key. Suffers from LLSS (loose lips sink ships): whoever can lock can also unlock, so the one key has to be shared with every party and a single leak exposes all of the traffic.
Asymmetric-Key: Locks with Two Keys. Wouldn't it be great if we had a lock with two keys, one that locks and one that unlocks?

Encryption in the Real World: In Practice
Public-key cryptography is orders of magnitude slower than symmetric cryptography. It requires computing a complex function of your document using very large integers. In contrast, symmetric encryption is very fast (tens of megabytes per second on the hardware of the time). So when a document is encrypted, it is encrypted with a symmetric algorithm seeded with a random encryption key (often called a session key).
Public-key Encryption Protocol
Procedure:
The session key is encrypted using the public key of the intended recipient. Since the symmetric key is small (typically 16 to 32 bytes), public-key encryption of the session key is fast.
The encrypted document and the encrypted session key are sent to the intended recipient.
The recipient decrypts the session key with their private key and uses the decrypted session key to decrypt the document.
(Diagram: the sender computer encrypts the symmetric key with the recipient's public key and sends the encrypted document together with the encrypted session key; the recipient computer decrypts the symmetric key with the recipient's private key.)
Certify What? You Are Who You Say You Are
If an attacker substitutes his own public key for the recipient's, the sender is duped into encrypting the session key to the attacker's key, and the attacker's private key will decrypt the document. The problem is that nothing associates you (the recipient) with your public key. This is where certificates come in. Before I use your public key, I require that a neutral, trusted third party has verified that you are who you say you are and has associated your public key with your name.

Improved Public-Key Encryption using a Certificate Authority
(Diagram: as before, but the recipient's public key reaches the sender in a certificate issued by the Certificate Authority; the sender encrypts the symmetric key with that key and the recipient decrypts it with the recipient's private key.)
*Once you have proved your identity to the CA, they bind your public key to your name and sign the resulting certificate.
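The two slides above, the hybrid session-key protocol and the CA's binding of a name to a public key, as one runnable example. This is added here and is not code from the original slides; it uses only the Python standard library, with textbook RSA (no OAEP/PSS padding, 512-bit keys) so that the arithmetic stays visible. The names "shop.example", the CA, the "hacker" key pair and the document bytes are constructed for the demo; a real deployment would use RSA-OAEP/PSS or ECDH/ECDSA from a vetted library and keys of at least 2048 bits.

```python
# Added example, not from the original slides: hybrid encryption plus a CA-signed
# name-to-public-key binding, stdlib only. Textbook RSA with 512-bit keys keeps the
# arithmetic visible; real systems use RSA-OAEP/PSS or ECDH/ECDSA from a vetted library.
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin; a composite passes with probability below 4**-rounds."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact size, odd
        if is_probable_prime(p):
            return p

def rsa_keygen(bits=512):
    """Return ((e, n), (d, n)); small keys so the demo runs in well under a second."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_apply(key, m):  # m**exp mod n; the same routine encrypts, decrypts, signs, verifies
    return pow(m, key[0], key[1])

def stream_xor(key, nonce, data):
    """CTR-style keystream from HMAC-SHA256(key, nonce || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def subkeys(session_key):  # separate encryption and MAC keys derived from the session key
    return [hashlib.sha256(label + session_key).digest() for label in (b"enc", b"mac")]

def sym_encrypt(session_key, plaintext):
    ek, mk = subkeys(session_key)
    nonce = secrets.token_bytes(16)
    ct = stream_xor(ek, nonce, plaintext)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC

def sym_decrypt(session_key, blob):
    ek, mk = subkeys(session_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext was modified")
    return stream_xor(ek, nonce, ct)

def hybrid_encrypt(recipient_pub, document):
    """Only the 32-byte session key goes through RSA; the document uses the fast cipher."""
    session_key = secrets.token_bytes(32)
    wrapped = rsa_apply(recipient_pub, int.from_bytes(session_key, "big"))
    return wrapped, sym_encrypt(session_key, document)

def hybrid_decrypt(recipient_priv, wrapped, blob):
    return sym_decrypt(rsa_apply(recipient_priv, wrapped).to_bytes(32, "big"), blob)

def binding_hash(name, pub):
    return int.from_bytes(hashlib.sha256(f"{name}|{pub[0]}|{pub[1]}".encode()).digest(), "big")

def ca_sign(ca_priv, name, pub):  # the certificate: the CA's signature over (name, public key)
    return rsa_apply(ca_priv, binding_hash(name, pub))

def ca_verify(ca_pub, name, pub, sig):
    return rsa_apply(ca_pub, sig) == binding_hash(name, pub)

def run_scenario():
    """A sender trusts a key for shop.example only if the CA vouches for it."""
    ca_pub, ca_priv = rsa_keygen()
    shop_pub, shop_priv = rsa_keygen()
    hacker_pub, hacker_priv = rsa_keygen()
    genuine = ("shop.example", shop_pub, ca_sign(ca_priv, "shop.example", shop_pub))
    # The attacker can claim the shop's name but cannot produce the CA's signature.
    forged = ("shop.example", hacker_pub, ca_sign(hacker_priv, "shop.example", hacker_pub))
    wrapped, blob = hybrid_encrypt(shop_pub, b"order 1042: 100 THB")  # constructed document
    try:  # flip one ciphertext byte: the MAC check must reject it
        hybrid_decrypt(shop_priv, wrapped, blob[:20] + bytes([blob[20] ^ 1]) + blob[21:])
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"genuine_ok": ca_verify(ca_pub, *genuine), "forged_ok": ca_verify(ca_pub, *forged),
            "roundtrip": hybrid_decrypt(shop_priv, wrapped, blob), "tamper_detected": tamper_detected}

if __name__ == "__main__":
    print(run_scenario())
```

The point of `run_scenario` is the `forged_ok` result: the attacker's certificate carries the right name and a valid-looking signature, but not one made with the CA's private key, so the sender refuses the key before ever encrypting a session key to it. The encrypt-then-MAC tag on the symmetric part is what the slides' diagram leaves out; without it the recipient would decrypt modified ciphertext without noticing.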
Firewall Architecture: Protecting Your Data (Example)
(Diagram: Internet / extranet browser -> SSL -> firewall -> Web server (session ID, encryption) -> application system -> database server.)
How do stateful and stateless connections differ? A stateless filter judges each packet on its header fields alone; a stateful firewall remembers the connections it has allowed and admits only packets that belong to one of them.

Seven Steps to Build Your E-Commerce Web Site
1. Manage your domain name
2. Choose the right site-building tools
3. What to look for in a Web hosting company
4. Secure your site
5. Internet payment processing system
6. Test. Test. Test.
7. Promote your site
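The stateful-versus-stateless question from the firewall slide, answered with the same packet trace run through both kinds of filter. This is an added example, not from the original slides; the IP addresses are from the documentation ranges and the trace (a customer opening HTTPS, the server calling its database, an attacker probing port 22) is constructed.

```python
# Added example, not from the original slides: the same constructed packet trace
# through a stateless rule list and a stateful filter that tracks TCP connections.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:  # minimal view of a TCP segment, constructed for the demo
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" SYN, "SA" SYN-ACK, "A" ACK, "F" FIN, "R" RST

WEB = "203.0.113.10"        # web/application server behind the firewall
CLIENT = "198.51.100.7"     # a customer
DB = "192.0.2.20"           # database the server talks to
ATTACKER = "198.51.100.99"

def stateless_allow(pkt):
    """Stateless rules: every packet is judged by its own header, nothing remembered."""
    if pkt.dst == WEB and pkt.dport == 443:      # anyone may reach the HTTPS service
        return True
    if pkt.src == WEB:                            # the server may talk outbound
        return True
    if pkt.dst == WEB and "A" in pkt.flags:       # replies to the server's own connections:
        return True                               # the classic "ACK bit set" guess
    return False

class StatefulFilter:
    """Admits inbound packets only if they belong to a connection it saw being opened."""

    def __init__(self):
        self.table = set()  # tracked 4-tuples (src, sport, dst, dport), one per connection

    def allow(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:      # part of a tracked connection
            if "F" in pkt.flags or "R" in pkt.flags:    # teardown: forget it
                self.table.discard(fwd)
                self.table.discard(rev)
            return True
        # A new connection is accepted only where policy allows a SYN to go.
        if pkt.flags == "S" and (pkt.src == WEB or (pkt.dst == WEB and pkt.dport == 443)):
            self.table.add(fwd)
            return True
        return False

TRACE = [  # constructed
    Packet(CLIENT, 40000, WEB, 443, "S"),      # customer opens HTTPS
    Packet(WEB, 443, CLIENT, 40000, "SA"),
    Packet(CLIENT, 40000, WEB, 40000 and 443, "A"),
    Packet(WEB, 51000, DB, 5432, "S"),         # server opens its database connection
    Packet(DB, 5432, WEB, 51000, "SA"),        # legitimate reply the filter must admit
    Packet(ATTACKER, 1024, WEB, 22, "S"),      # attacker probes ssh with a SYN
    Packet(ATTACKER, 1024, WEB, 22, "A"),      # ... then with the ACK bit set
]

def run_trace(allow):
    """Apply one filter's allow() function to every packet in TRACE, in order."""
    return [allow(p) for p in TRACE]

if __name__ == "__main__":
    print("stateless:", run_trace(stateless_allow))
    print("stateful: ", run_trace(StatefulFilter().allow))
```

The last packet is the one that matters: the stateless filter has to let ACK-flagged packets through so that the database's replies reach the server, and that rule admits the attacker's forged ACK to port 22 as well. The stateful filter has no entry for that 4-tuple and drops it, while still admitting the database reply because it saw the server's SYN go out.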
(Figure: Internet map; data source: http://www.nectec.or.th/internet/map/)

Step 1: What's in a name?
Not only does your domain name tell customers exactly how to find your business on the Web, it also communicates and reinforces the name of your business to every visitor. Keep these tips in mind before you choose:
Make it memorable. Amazon.com is much catchier than booksonline.com.
Describe your business. Another approach is to simply and logically describe your business, such as Flower.com.
Keep it short. The best domain names are those that customers can remember and type into their browsers after seeing or hearing them only once.
Manage Your Domain Name
Buy an existing domain name, or register domain names worldwide. Registering a name costs as little as $35 a year (through a registrar such as www.networksolutions.com).
The Internet Corporation for Assigned Names and Numbers (ICANN)
ICANN is a technical coordination body for the Internet. Created in October 1998 by a broad coalition of the Internet's business, technical, academic, and user communities, ICANN is assuming responsibility for a set of technical functions previously performed under U.S. government contract by the Internet Assigned Numbers Authority (IANA) and other groups. Specifically, ICANN coordinates the assignment of the following identifiers, which must be globally unique for the Internet to function: Internet domain names; IP address numbers; protocol parameter and port numbers.
Step 2: Choose the right site-building tools
With a solid plan in hand, you are ready to start constructing your e-commerce site. Many e-commerce businesses turn to professional design studios to create their Web sites, but if your budget is limited, many site-building tools make it fast and easy to create a polished, professional-looking site (Java, XML, etc.).

Step 3: What to look for in a hosting company
Shared hosting or dedicated server? Shared hosting is an arrangement in which your site is housed on the same server as several other Web sites. This is an economical solution for smaller sites. A dedicated server is the solution used by larger and busier sites: it provides faster access and more predictable availability, because you are not sharing the Web server's speed and power with other sites (no host can promise 100% uptime; ask what the host actually commits to).
Hard-disk storage space. Smaller sites may need only 300-500 MB of Web site storage space, while busier e-commerce sites may need at least 9 GB.
Availability. Make sure your site is accessible to customers 24 hours a day.
Email accounts. Email accounts that match your domain name are often available.
SSL encryption. The security of the credit card numbers and other personal information customers send you should be a top concern. Does your ISP or Web host protect your site with an SSL Server ID?
Support. A big part of the value of turning to an ISP or Web host is that you do not have to worry about keeping the Web server running. Does your host offer 24x7 customer service?
Step 4: Secure Your Site
With your Internet identity established and your site built and hosted, it is time to turn your online storefront into a thriving e-commerce business. To do that you must win your customers' trust. 85% of Web users surveyed reported that a lack of security made them uncomfortable sending credit card numbers over the Internet. E-merchants who can win the confidence of these customers will gain their business and their loyalty.

Step 4.1: The Trust Solution by SSL
SSL Server IDs for authentication and encryption: digital certificates for your Web site (Server IDs) are the answer to these security questions. Installed on your Web server, a Server ID is a digital credential that enables your customers to verify your site's authenticity and gives them a high level of trust. A Server ID assures them that your Web site is legitimate, that they are really doing business with you, and that confidential information.
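What "verify your site's authenticity" comes down to on the customer's side, as an added example that is not from the original slides: the certificate's name must match the host in the URL, the client must insist on a verified certificate, and it must refuse the weak cipher grades that were still negotiable at the time. It uses only Python's standard `ssl` module; `SHOP_CERT` is a constructed dictionary in the shape that `ssl.SSLSocket.getpeercert()` returns, so nothing here touches the network.

```python
# Added example, not from the original slides: the client-side checks that make a Server ID
# meaningful. Standard library only; SHOP_CERT is constructed in getpeercert() shape.
import ssl

def hostname_matches(cert, host):
    """True if `host` is covered by one of the certificate's DNS subjectAltName entries.
    A '*' is honoured only as the entire leftmost label, as browsers do."""
    host = host.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern.startswith("*."):
            rest = pattern[2:]
            # the wildcard must stand for exactly one label, so no dot may remain before it
            if host.endswith("." + rest) and "." not in host[: -len(rest) - 1]:
                return True
        elif pattern == host:
            return True
    return False

def make_client_context():
    """Client context that refuses unauthenticated servers and weak ciphers."""
    ctx = ssl.create_default_context()           # CERT_REQUIRED and hostname checking on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Forward-secret AEAD suites only; no anonymous, MD5-based or RC4 suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4")
    return ctx

def weak_ciphers(ctx):
    """Names of negotiable ciphers of the kind a 2004-era browser might still have accepted."""
    bad = ("RC4", "DES", "EXPORT", "NULL", "MD5")
    return [c["name"] for c in ctx.get_ciphers() if any(b in c["name"] for b in bad)]

SHOP_CERT = {  # constructed; a real one comes from getpeercert() after the handshake
    "subject": ((("commonName", "shop.example"),),),
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "*.shop.example")),
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}

if __name__ == "__main__":
    ctx = make_client_context()
    for host in ("shop.example", "www.shop.example", "a.b.shop.example", "notshop.example"):
        print(host, hostname_matches(SHOP_CERT, host))
    print("verify:", ctx.verify_mode == ssl.CERT_REQUIRED, "weak:", weak_ciphers(ctx))
```

`hostname_matches` is the check that turns a cryptographically valid certificate into authentication of *this* site: a certificate for "notshop.example" is just as well signed, and only the name comparison tells the two apart. `ssl.create_default_context()` already performs this comparison for you during the handshake; the function is spelled out so the rule is visible.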
Step 4.2: How Server IDs Work (40- or 128-bit)
1. A customer contacts your site and accesses a page secured by a Server ID (indicated by a URL that begins with https instead of http, or by a message from the browser).
2. Your server responds, automatically sending the customer your site's digital certificate, which authenticates your site.
3. Your customer's Web browser generates a unique session key to encrypt all communications with the site. The browser encrypts the session key with your site's public key, so only your site can read it.
4. A secure session is now established. It takes only seconds and requires no action by the customer. Depending on the browser, the customer may see a key icon becoming whole or a padlock closing, indicating the session is secure.
(The 40- or 128-bit figure is the length of that session key. 40-bit "export grade" keys were already breakable by brute force and should not be accepted.)

Step 5: Internet Payment Processing System
Your customer: a holder of a payment instrument, such as a credit card, debit card, or electronic cash, from an issuer.
The issuer: a financial institution, such as a bank, that provides your customer with a payment instrument. The issuer is responsible for the cardholder's debt payment.
The merchant: your e-commerce site, which sells goods or services to the cardholder via the Web. A merchant that accepts payment cards must have an Internet Merchant Account with an acquirer.
The acquirer: a financial institution that establishes an account with you, the merchant, and processes payment authorizations and payments. The acquirer confirms to the merchant that a given account is active and that the proposed purchase does not exceed the customer's credit limit. The acquirer also transfers payments electronically to your account and is then reimbursed by the issuer via electronic funds transfer over a payment network.
The payment gateway: operated by a third-party provider, the gateway processes merchant payments by providing an interface between your e-commerce site and the acquirer's financial processing system.
The processor (settlement operator): a large data center that processes credit card transactions and settles funds to merchants. The processor is connected to your site, on behalf of an acquirer, via a payment gateway.
Step 5.1: Basic steps of an online payment
1. The customer places an order online by selecting items from your Web site and sending you a list. Your site usually replies with an order summary listing the items, their prices, a total, and an order number.
2. The customer sends the order, including payment data, to you. The payment information is encrypted by the SSL connection set up between the customer's Web browser and your Web server's SSL certificate.
3. Your e-commerce site requests payment authorization from the payment gateway, which routes the request to the banks and payment processors. An authorization is a request to charge a cardholder: the issuer approves it and reserves the funds, but the cardholder's account is only charged once the authorization is settled. An approved authorization is what lets you expect to be paid.
4. You confirm the order and supply the goods or services to the customer.
5. You then request payment, sending the request to the payment gateway, which handles the payment processing with the processor.
6. Transactions are settled: the funds are routed from the issuing bank to your acquiring bank for deposit.
So how do you implement a payment gateway to process payments on your site? Building your own dedicated pipeline to connect all the players isn't a practical option, so for small and medium-size businesses, outsourcing to a payment service provider is the best solution.

Step 6: Test. Test. Test.
You will only have one chance to make a first impression on each new visiting customer, and broken links, incorrect phone numbers, and grammatical or spelling errors diminish the professional polish you are striving for. Test with both Macintosh and PC, with different browsers, and at different modem speeds. Do not forget customer support: it is the key to creating loyal customers.
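The Step 5.1 flow (authorize, ship, then capture and settle) as the merchant's code sees it, added here as an example that is not from the original slides. The `Gateway` class is a constructed stub standing in for the payment service provider's API and plays issuer and acquirer at once; the order numbers, card number and amounts are made up. It encodes the two rules the slide states in words: an authorization only reserves funds, and the account is charged only when the authorization is settled, at most once and never for more than was authorized.

```python
# Added example, not from the original slides: the authorize / capture / settle flow of
# Step 5.1 from the merchant side. Gateway is a constructed stub for a provider's API;
# all identifiers and amounts are made up. Money is integer minor units (satang), never floats.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Order:
    number: str
    amount: int
    pan_last4: str                   # the site keeps only the last four digits of the card
    status: str = "new"              # new -> authorized -> captured, or declined
    auth_code: Optional[str] = None

class Gateway:
    """Stub for the provider's API (constructed). Plays issuer and acquirer at once."""

    def __init__(self, open_to_buy):
        self.open_to_buy = dict(open_to_buy)   # card -> credit still available at the issuer
        self.auths = {}

    def authorize(self, pan, amount):
        """Issuer check (Step 5.1, step 3): funds are reserved, not moved."""
        if amount <= 0 or amount > self.open_to_buy.get(pan, 0):
            return None                          # declined: unknown card or over the limit
        self.open_to_buy[pan] -= amount
        code = f"A{len(self.auths) + 1:06d}"
        self.auths[code] = {"amount": amount, "captured": 0}
        return code

    def capture(self, code, amount):
        """Settlement request (steps 5-6): once per authorization, never above its amount."""
        auth = self.auths.get(code)
        if auth is None or auth["captured"] or amount <= 0 or amount > auth["amount"]:
            return False
        auth["captured"] = amount                # the acquirer now collects from the issuer
        return True

def place_order(gateway, number, pan, amount):
    """Steps 1-3: record the order and ask for authorization through the gateway."""
    order = Order(number, amount, pan[-4:])      # the full PAN is never stored or logged
    code = gateway.authorize(pan, amount)
    if code is None:
        order.status = "declined"
    else:
        order.status, order.auth_code = "authorized", code
    return order

def ship_and_capture(gateway, order, amount=None):
    """Steps 4-6: capture only once the goods ship, and never more than was authorized."""
    amount = order.amount if amount is None else amount
    if order.status != "authorized" or not gateway.capture(order.auth_code, amount):
        return False
    order.status, order.amount = "captured", amount
    return True

if __name__ == "__main__":
    gw = Gateway({"4111111111111111": 20000})    # constructed test card, 200.00 THB available
    o = place_order(gw, "1042", "4111111111111111", 15000)
    print(o.status, o.pan_last4, ship_and_capture(gw, o), o.status)
```

Two design choices carry the security content. The order record holds only the last four digits of the card, so a leaked order database does not leak usable card numbers. And the capture path refuses a second capture and any amount above the authorization, so a bug or a tampered request in the merchant's own code cannot charge the customer twice or for more than the issuer approved.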
Step 7: Promote Your Site
Register your site with search engines. Put your domain name everywhere. Advertise. Push and pull strategies.

Data Warehousing Overview
A new paradigm for decision making, with applications ranging from database marketing and electronic commerce to fraud detection, credit scoring, warranty management, and even auditing data before storing it in a database.
The Knowledge Discovery Process
Building and implementing a data mining solution is referred to as KDD (Knowledge Discovery in Databases). Starting from the definition of the business problem, KDD is an iterative process that requires substantial input from the user. Statistical theory and practice have been the traditional way to study and analyze data (the combination of predictors). Data mining goes beyond that: it is built for huge data sets with many independent variables.
The Data Mining Process (KDD): Data -> Selection -> Target Data -> Pre-processing -> Preprocessed Data -> Transformation -> Transformed Data -> Data Mining -> Patterns -> Interpretation -> Knowledge. Source: Fayyad et al. (1996).